Audit Planning MemorandumRaven Global Training

1、the purposes of the audit plan are, first, to contribute to the effectiveness of the audit and, second, to contribute to the audit efficiency. this memorandum should be completed and approved as part of initial audit planning. in completing this document there may be occassions when matters already

2、documented in other work papers are relevant. there is no need to re-write such material if a specific reference can be made. this memorandum is structured so that planning documentation common to all projects is presented. all items should be read and considered on every project. when a section is

3、not applicable, indicate n/a, with a brief explanation why it is not applicable. the planning memorandum is divided into four sections:i. introduction / backgroundii. management concerns & issuesiii. administration and job set up;iv. risk assessment; andv. nature and scope of auditthe project profil

4、e should be used as the starting point for project planning.i. introduction and background1. introduction2. background written for duplication in the audit report not more than pageii. management concerns & issues1. initial management concerns2. get out of jail free issues (management identified and

5、 disclosed issues may be excluded from scope if properly communicated in risk committee)iii.administration and set up1.auditee contacta.company management primary contactslist the names and titles of the companys management with whom the audit team will have substantial contact in the course of the

6、audit and the project sponsor. nametitlescheduled vacationemailphone numberb.planning conference with managementa meeting with company management should be held to discuss objectives, etc. a typical agenda for the initial meeting may include the following: identification of high risk areas;discussio

7、n of auditees concerns (eg. recurring problems, unreasonable policies and procedures). determine the auditees expectations of the project outcome to ensure that specific concerns they have may be built into the project;identification of changes since last audit (eg. system, operations, personnel);ag

8、reement of functions and related management control objectives to be tested;discussion of auditees participation;explanation of the audit approach; identification of possible efficiencies and cost savings; role of the project sponsor;protocols for obtaining management comments; andtiming of the revi

9、ew (including submission of draft report and anticipated date of closing meeting).management in attendanceinternal audit personnel in attendance:2.audit team and external assistanceensure that the audit team is appropriately leveraged in terms of experience, given the relative complexity of the proj

10、ect. also consider the need for systems personnel or other specialist assistance.audit teamscheduled vacationany work requiring systems specialty knowledge or other specialist assistance should be coordinated with the appropriate auditors in the planning phase of the engagement to ensure such work i

11、s done in a timely and efficient manner avoiding duplication of effort. it auditor assistance:list below the planned it auditor applications to be used on the engagement. all application requests should be cleared through the appropriate manager. 3. audit budget (time & cost)iv.risk assessmenta.risk

12、 indicatorsthe project profile and the opening meeting held with manangement should provide a basis for the risk assessment process. in evaluating the risk level of the project the following items should also be considered:1.regulatory requirementsstatutory and regulatory requirements impacting the

13、project need to be considered and assessed in terms of their relevance to the project. consideration should also be given to the potential consequences of non-compliance with statutory and /or regulatory requirements and our role in detecting such non-compliance. our work should be planned to addres

14、s this risk.regulationnon-compliance consequence2.prior auditsa.previous audit historyprior audit date: _prior audit opinion: _direction of risk from prior audit: _key issues raised:issuecorrective action / dateb.follow-up on previous audit concernsreview previous reports, management responses, exce

15、ptions noted last audit period, preaudit file comments, etc. list items that require follow-up or special attention during the current audit (eg. recommendations not implemented). matters to be followed-upworking paper reference3.extent of changedocument any significant current events, issues and co

16、nsiderations and how such conditions will impact the overall audit approach (restructuring, new products, changes in operations, management, changes in compliance requirements and other regulations, environment, etc.). consider managements position on operational change as well as other prior events

17、 and issues which have carry over impact on the current audit project. 4.political sensitivity and technical difficulty of projects projects considered to require a high level of technical competence and/or considered to be politically sensitive in nature (eg. involving sensitive contracts and the t

18、endering process, or allocation of funds) should be treated as high risk. document below any areas assessed as high risk.5.other factorsconsider the impact of other factors, including:materiality of area under reviewwill the audit results be certified to any external bodywill there be external audit

19、 relianceis there a high risk of fraudhas management expressed any concerns about the area under reviewb. annual risk assessment resultsc.risk assessment (impact / likelihood) - overall conclusion:if the risk level, assessed as a result of the planning phase, differs from the risk indicated on the p

20、roject profile, the reasons for the change should be documented. director sign-off on the revised risk assessment is required below._internal audit directorv.nature, objectives, and scope of the auditonce determined, the detailed work to be performed should be documented in the standard form work pr

21、ogram. in determining the approach to the project the following issues should be considered: 1.scope of the work to be performeda)determine the specific functions to be reviewed. for business process review projects, it may not be necessary to flowchart and process map all functions in the audit are

22、a. select those functions that are critical to the business unit achieving its objectives. where processes are cross-functional, define the extent of work to be performed in other business units. b)for business units with more than one geographic location, determine (and justify) where the audit wor

23、k is to be performed and what arrangements need to be made to complete testing outside (main location). c)where the project involves detailed transaction testing, a statistically based sampling approach should generally be used. the justification for the sampling method and parameters selected should be documented in the appropriate sampling approach memo. scope:2.internal control evaluationprepare an internal control questionnaire to assist in risk evaluation and/or prepare an outline of de